[ovirt-users] oVirt Authentication and Authorization

Thu, 28 Jun 2018 05:50:36 -0700 

Hi Team,

We have three components in our setup

1) Our Script (application using python)
2) Ovirt
3) LDAP (Also integrated to oVirt)

1) Our Python application is authenticating to LDAP and it creates a token
for our application
2) For accessing the API's in oVIrt, I need to contact to the oVirt API
which authenticates and creates a token for it
3) then I need to maintain the token of my application with its mapping to
the ovirt tokenId in my application.

When I want to hit any oVirt API, First I perform the token check in my
application (using my application token) then I need to perform the ovirt
token check in oVirt.

1)
* I would like to know Is there a way to skip the authentication and
authorization in oVIrt? *
2)* Or Is it possible to point the authentication check for oVirt (to my
application / to some URL which I configure) which always return true and
allow for all oVirt API's?*


*I did some analysis and verified the oVirt code in github, Identified that
it is going via a fliter in web.xml which points to the class, Is it
possible to tune this? *

   <filter>
        <filter-name>RestApiSessionValidationFilter</filter-name>

<filter-class>org.ovirt.engine.core.aaa.filters.RestApiSessionValidationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>RestApiSessionValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>SessionValidationFilter</filter-name>

<filter-class>org.ovirt.engine.core.aaa.filters.SessionValidationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SessionValidationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>SsoRestApiAuthFilter</filter-name>

<filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiAuthFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SsoRestApiAuthFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>SsoRestApiNegotiationFilter</filter-name>

<filter-class>org.ovirt.engine.core.aaa.filters.SsoRestApiNegotiationFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SsoRestApiNegotiationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

If my query is not clear, please let me know.

Thanks,
Hari

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BTTA5RFMXCLI36FI5WE64UNW7CBOSYTG/

Reply via email to